近期提交审核的app都会收到一条提醒,内容如下:
原文:
Upcoming Requirement Reminder
Note: This is a support message regarding upcoming requirements that may be relevant for your app.
Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate account deletion.
We noticed this app may support account creation. If it already offers account deletion or you’re working to implement it, we appreciate your efforts to follow the App Store Review Guidelines. Apps submitted after June 30 that do not comply with the account deletion requirements in guideline 5.1.1(v) will not pass review.
To learn more about the account deletion requirements, visit Offering account deletion in your app. If your app offers Sign in with Apple, use the Sign in with Apple REST API to revoke user tokens.
翻译:
即将发布的需求提醒
注意:这是一条关于可能与您的应用程序相关的未来需求的支持消息。
自2022年6月30日起,提交给应用商店的支持帐户创建的应用还必须包括启动帐户删除的选项。
我们注意到此应用程序可能支持创建帐户。如果它已经提供了帐户删除功能,或者您正在努力实施该功能,我们感谢您遵守应用商店审查指南的努力。6月30日之后提交的不符合准则5.1.1(v)中账户删除要求的应用程序将无法通过审查。
要了解有关帐户删除要求的更多信息,请访问应用程序中的提供帐户删除。如果您的应用程序提供Apple登录,请使用Apple REST API登录以吊销用户令牌。
大概意思就是6月30号之后所有带有账号注册功能的app必须还提供账号删除功能,否则提交之后就会无法通过审核。而且带有苹果登录功能的app,还要使用Apple REST API登录以吊销用户令牌。
官网详细介绍了关于Offering account deletion in your app的内容,我直接粘贴过来了。
原文:
Offering account deletion in your app
Starting June 30, 2022, apps submitted to the App Store that support account creation must also let users initiate deletion of their account within the app. Deleting an account removes the account from the developer’s records, along with any data associated with the account that the developer isn’t legally required to maintain. Providing this capability gives people more control of the personal data they’ve shared. If you’re updating an app or submitting a new app with account creation, please read the guidance below to prevent delays in review.
翻译:
在应用程序中提供帐户删除
自2022年6月30日起,提交给App Store且支持帐户创建的应用程序还必须允许用户在应用程序中启动帐户删除。删除帐户将从开发人员的记录中删除该帐户,以及与该帐户相关的任何数据,这些数据是开发人员在法律上不需要维护的。提供此功能可以让人们更好地控制他们共享的个人数据。如果您正在更新应用程序或提交具有帐户创建的新应用程序,请阅读下面的指南,以防止审查延迟。
原文:
Account deletion guidance
Account deletion is a significant decision for the user, and the process for initiating and confirming deletion should be straightforward and transparent:
Make the account deletion option easy to find in your app. Typically, it’s included in the app’s account settings.
Offer to delete the entire account record, along with associated personal data. You may include additional options, but only offering to temporarily deactivate or disable an account is insufficient.
If people need to visit a website to finish deleting their account, include a link directly to the page on your website where they can complete the process.
Keep users informed. If the deletion request will take additional time to complete, let them know. If your app supports in-app purchases, help people understand how billing and cancellations will be handled. For additional guidance, read the Human Interface Guidelines.
Note: Follow applicable legal requirements for storing and retaining user account information and for handling account deletion. This includes complying with local laws where your apps are available. If you have questions regarding your legal obligations, check with your legal counsel.
翻译:
账户删除指导
账户删除是用户的一项重要决策,启动和确认删除的过程应简单透明:
在应用程序中轻松找到帐户删除选项。通常,它包含在应用程序的帐户设置中。
提供删除整个帐户记录以及相关的个人数据。您可以包括其他选项,但仅提供临时停用或禁用帐户是不够的。
如果用户需要访问某个网站以完成删除其帐户,请在您的网站上添加一个直接指向该页面的链接,以便完成删除过程。
随时通知用户。如果删除请求需要额外的时间才能完成,请告知他们。如果您的应用程序支持应用内购买,请帮助人们了解如何处理计费和取消。有关其他指南,请阅读人机界面指南。
注意:请遵守存储和保留用户帐户信息以及处理帐户删除的适用法律要求。这包括遵守您的应用程序可用的当地法律。如果您对您的法律义务有疑问,请咨询您的法律顾问。
原文:
Frequently asked questions
Can I direct users to a customer service flow to complete account deletion?
It depends. Apps in highly regulated industries, as described in App Store Review Guideline 5.1.1(ix), may use additional customer service flows to confirm and facilitate the account deletion process. Apps not operating in highly regulated industries should not require people to make a phone call, send an email, or go through other support flows.
Can I require reauthentication or add confirmation steps to ensure that the account isn’t deleted by accident or by someone other than the account holder?
Yes. It is appropriate to ensure that the deletion is intentional and desired by the user. You may add steps to verify the identity of the person making the request, and to confirm that they want to delete the account (such as by entering a code from an email or phone number already associated with the account). However, apps that make it unnecessarily difficult for a user to delete their account will not pass review.
My app uses Sign in with Apple to provide account creation and authentication to users. What changes are necessary to support users who delete their accounts?
Apps that support Sign in with Apple should use the Sign in with Apple REST API to revoke user tokens. To learn more, review the documentation and design recommendations.
If my app links out to the default web browser for account creation, does it still need to offer account deletion within the app?
Yes. Additionally, note that linking out to the default web browser to sign in or register an account provides a poor user experience and is not appropriate, per App Store Review Guideline 4.
My app automatically creates an account for the user. Do I need to include an option to initiate account deletion?
Yes. Users should have the option to delete automatically generated accounts (sometimes called “guest” accounts) and the data associated with those accounts. Ensure any automatic account creation in your app complies with local laws where your app is available.
I manually delete user accounts and this takes time. Does account deletion need to be immediate and automatic?
No. If your process for account deletion is manual or otherwise takes time to complete, this is acceptable. Inform the user how long it will take to delete the account and provide a confirmation when the deletion has been completed. Ensure the time taken to delete accounts complies with local laws where your app is available.
Does the content provided by a user need to be deleted in apps that display and share user-generated content?
Yes. People expect that all data associated with their account will be deleted when the account is deleted. This includes user-generated content that’s shared with others, such as photos, video, text posts, and reviews. If local laws or regulations require that you maintain some data, let your users know.
I currently allow account deletion in compliance with CCPA, GDPR, or other local laws in some of the locations where my app is available. Is this sufficient?
No. All users should be allowed to delete their accounts, regardless of where they’re located. The existing account deletion flows you’ve created to comply with local legal requirements may be made available to all users, as long as they meet the requirements of App Store Review Guideline 5.1.1(v).
How do I handle users with auto-renewable subscriptions? I don’t want to accidentally charge someone after they’ve deleted their account.
If the user has auto-renewable subscriptions, notify them that their billing will continue through Apple and request that they cancel their subscription before continuing. If you’re using App Store Server Notifications for auto-renewable subscriptions, you can verify the status of the user’s subscription in real time, or use the Subscription Status API to identify subscription status.
Use showManageSubscription in iOS 15 and iPadOS 15, or later, or provide the following link to let users manage their subscriptions: https://apps.apple.com/account/subscriptions. For tvOS, provide onscreen instructions to change or cancel a subscription, as described in the Apple TV User Guide.
In addition, you can use beginRefundRequest in iOS 15 and iPadOS 15, or later, or provide the following Apple Support link to allow customers to submit refund requests: https://support.apple.com/en-us/HT204084.
You can also provide an option to schedule account deletion at a later time to align with the subscription’s expiration date, as long as there is also an option to delete the account immediately.
翻译:
常见问题解答
我是否可以将用户引导到客户服务流以完成帐户删除?
视情况而定。如App Store Review Guide 5.1.1(ix)所述,高度监管行业的应用程序可能会使用其他客户服务流来确认和促进账户删除流程。不在高度监管行业运行的应用程序不应要求人们拨打电话、发送电子邮件或通过其他支持流程。
我是否可以要求重新验证或添加确认步骤,以确保帐户不会被意外删除或被帐户持有人以外的其他人删除?
对适当的做法是确保删除是有意的,并且是用户想要的。您可以添加步骤来验证提出请求的人的身份,并确认他们想要删除该帐户(例如通过从已与该帐户关联的电子邮件或电话号码中输入代码)。然而,那些让用户不必要地难以删除其帐户的应用程序将无法通过审查。
我的应用程序使用Apple登录,为用户提供帐户创建和身份验证。需要哪些更改来支持删除其帐户的用户?
支持通过Apple登录的应用程序应使用通过Apple REST API登录来吊销用户令牌。要了解更多信息,请查看文档和设计建议。
如果我的应用程序链接到默认的web浏览器以创建帐户,是否仍需要在应用程序中提供帐户删除功能?
对此外,请注意,根据App Store Review Guide 4,链接到默认web浏览器以登录或注册帐户会带来糟糕的用户体验,这是不合适的。
我的应用程序会自动为用户创建一个帐户。我是否需要包括启动帐户删除的选项?
对用户应该可以选择删除自动生成的帐户(有时称为“来宾”帐户)以及与这些帐户关联的数据。确保应用程序中的任何自动帐户创建都符合应用程序可用的当地法律。
我手动删除用户帐户,这需要时间。是否需要立即自动删除帐户?
不可以。如果您的帐户删除过程是手动的或需要一些时间才能完成,那么这是可以接受的。通知用户删除帐户需要多长时间,并在删除完成后提供确认。确保删除帐户所需的时间符合您的应用可用的当地法律。
是否需要在显示和共享用户生成内容的应用程序中删除用户提供的内容?
对人们希望在删除帐户时,与帐户关联的所有数据都将被删除。这包括与其他人共享的用户生成的内容,如照片、视频、文字帖子和评论。如果当地法律或法规要求您维护一些数据,请告知您的用户。
我目前允许根据CCPA、GDPR或其他当地法律在我的应用程序可用的某些位置删除帐户。这是否足够?
否。应允许所有用户删除其帐户,无论其位于何处。您为符合当地法律要求而创建的现有帐户删除流可供所有用户使用,只要他们符合App Store Review Guide 5.1.1(v)的要求。
如何处理自动续费订阅的用户?我不想在某人删除其帐户后不小心向其收费。
如果用户有自动续费订阅,通知他们将通过Apple继续计费,并要求他们在继续之前取消订阅。如果您正在使用App Store服务器通知进行自动续订订阅,则可以实时验证用户订阅的状态,或使用订阅状态API标识订阅状态。
总结:
从 2022 年 6 月 30 日开始,App Store 内支持账号创建的应用,必须提供删除账号的功能。
开发者如需更新应用程序以完善删除账号功能,需要注意以下几点:
1)用户能在应用中快速找到删除账号的入口,一般可在账户设置中找到;
2)如果用户是通过 Apple ID 登录,需要在删除账号时使用 Sign in with Apple REST API 来撤销用户令牌;
3)用户删除账号不仅是暂时停用或禁用账号,苹果要求在应用内,所有与该账号相关的个人数据都可以被删除,以帮助用户更好地管理隐私数据;
4)受高度监管的应用可能需要提供额外的客户服务流程,以跟进账号删除过程;
5)遵守有关存储和保留用户账号信息以及处理账号删除的适用法律要求,包括遵守不同国家或地区的当地法律。
此外,如果用户需要访问网站以指引如何删除账号,开发者也需提供相关链接。
若删除账号需要额外的时间,或删除时应用购买问题需要另外解决,开发者也应告知用户。
我们的app内目前没有账户注册功能,我们的账号是在后台系统进行创建的,但是有用户登录功能,对于这样的app会不会在审核的时候被苹果拒绝还不清楚。而且后期我们的app里面也要加上访客注册的功能,到时候就不得不再添加账户删除的功能了。6月30号之后如果有被拒绝的情况我会再来更新。
7月14日更新:
我们的一个app,前两天审核被拒了,被拒的理由有好几条,其中有一条是5.1.1(v)
被拒原文如下:
Guideline 5.1.1(v) - Data Collection and Storage
We noticed that your app supports account creation but does not include an option to initiate account deletion.
Apps that support account creation must also offer account deletion to give App Store users more control of the data they've shared while using your app.
Next Steps
To resolve this issue, revise your app to include an option to initiate account deletion.
If you are unable to offer account deletion due to legal requirements, reply to this message in App Store Connect and provide additional information. You must follow all legal requirements where your app is available for storing and retaining user account information and handling account deletion. If you have questions regarding your legal obligations, check with your legal counsel.
Keep these requirements in mind when updating your app to support account deletion:
- Only offering to temporarily deactivate or disable an account is insufficient.
- If users need to visit a website to finish deleting their account, include a link directly to the page on your website where they can complete the process.
- You may include confirmation steps to prevent users from accidentally deleting their account. However, only apps in highly-regulated industries may require users to use customer service resources, such as making a phone call or sending an email, to complete account deletion.
Resources
- Review frequently asked questions and learn more about the account deletion requirements.
翻译:
准则5.1.1(v)-数据收集和存储
我们注意到,您的应用程序支持创建帐户,但不包括启动帐户删除的选项。
支持账户创建的应用程序还必须提供账户删除功能,以使应用商店用户能够更好地控制他们在使用应用程序时共享的数据。
下一步
要解决此问题,请修改应用程序,使其包含启动帐户删除的选项。
如果由于法律要求,您无法提供帐户删除,请在App Store Connect中回复此消息并提供其他信息。如果你的应用程序可用于存储和保留用户帐户信息以及处理帐户删除,你必须遵守所有法律要求。如果您对您的法律义务有疑问,请咨询您的法律顾问。
更新应用程序以支持帐户删除时,请牢记以下要求:
-仅提供暂时停用或禁用帐户是不够的。
-如果用户需要访问网站以完成删除其帐户,请在您的网站上添加一个直接指向页面的链接,以完成删除过程。
-您可以包括确认步骤,以防止用户意外删除其帐户。然而,只有在受到高度监管的行业中,应用程序可能需要用户使用客户服务资源(如打电话或发送电子邮件)来完成账户删除。
资源
-查看常见问题,了解有关帐户删除要求的更多信息。
解决办法:
由于我们app被拒的理由有好几条,所以我们先把其他的被拒的内容修改了,然后回复了苹果审核我们这次更新主要更新了哪些内容。这次没有处理关于5.1.1(v)的内容,修改后直接提交了,一天之后我们的app因为另一个理由被拒了,但是没有再提5.1.1(v)了,所以我们暂时没有处理关于5.1.1(v)的问题。
参考链接:
https://developer.apple.com/support/offering-account-deletion-in-your-app
https://www.easemob.com/news/8550